<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    
<?php 
$layout = explode('&&&', file_get_contents('layout.html'));
echo $layout[0];

session_start();
if (!(isset($_SESSION['username'])))
	header("location:login.php");
?>

<?php require_once('Connections/db_conn.php'); ?>

<?php
mysql_select_db($database_db_conn, $db_conn);
$username = $_SESSION['username'];
$query_Users = "SELECT * FROM USER where UserId='$username'";
$Users = mysql_query($query_Users, $db_conn) or die(mysql_error());
$row_Users = mysql_fetch_assoc($Users);
?>

<html>
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
<body>

<!-- Begin Main Column -->

<div id="mainContent">
	
	<h2>Change User Info    </h2>
<form id="form1" method="post" action="">
	  <table width="440" height="166" border="0">
        <tr>
          <td>First Name:</td>
          <td><label>
            <input type="text" name="first_name" id="first_name" value="<?php echo $row_Users['FirstName']?>"/>
          </label></td>
        </tr>
        <tr>
          <td>Last Name:</td>
          <td><label>
            <input type="text" name="last_name" id="last_name" value="<?php echo $row_Users['LastName']?>"/>
          </label></td>
        </tr>
        <tr>
          <td>Email Address:</td>
          <td><label>
            <input type="text" name="email_address" id="email_address" value="<?php echo $row_Users['Email']?>"/>
          </label></td>
        </tr>
        <tr>
          <td>Confirm Email Address:</td>
          <td><label>
            <input type="text" name="confirm_email_address" id="confirm_email_address" value="<?php echo $row_Users['Email']?>"/>
          </label></td>
        </tr>
      </table>
      <p>
        <label>
        <input type="submit" name="submit" id="submit" value="Submit" class="button"/>
        </label>
      </p>
	</form>
    <?php
	 	if($_POST) {
			ob_start();
			$host="localhost"; // Host name
			$username="root"; // Mysql username
			$password=""; // Mysql password
			$db_name="rtl"; // Database name
			$tbl_name="user"; // Table name
			
			// Connect to server and select databse.
			mysql_connect("$host", "$username", "$password")or die("cannot connect");
			mysql_select_db("$db_name")or die("cannot select DB");
			
			$first_name=$_POST['first_name'];
			$last_name=$_POST['last_name'];
			$email=$_POST['email_address'];
			$email_confirm=$_POST['confirm_email_address'];
			
			// To protect MySQL injection (more detail about MySQL injection)
			$first_name = stripslashes($first_name);
			$last_name = stripslashes($last_name);
			$email = stripslashes($email);
			$email_confirm = stripslashes($email_confirm);

			$first_name = mysql_real_escape_string($first_name);
			$last_name = mysql_real_escape_string($last_name);
			$email = mysql_real_escape_string($email);
			$email_confirm = mysql_real_escape_string($email_confirm);
			
			$success = 0;
			$fail = 0;
			$username = $_SESSION['username'];
			if($email != NULL && $email_confirm != NULL && $email == $email_confirm) {
				mysql_query("UPDATE $tbl_name SET Email='$email' WHERE UserID='$username'");
				$success = 1;
			}
			else {
				if($email != $email_confirm) {
					echo "Email must match email confirmation.";
					$fail=1;
				}
			}
			if($first_name != NULL){
				mysql_query("UPDATE $tbl_name SET FirstName='$first_name' WHERE UserID='$username'");
				$success = 1;
			}
			if($last_name != NULL){
				mysql_query("UPDATE $tbl_name SET LastName='$last_name' WHERE UserID='$username'");
				$success = 1;
			}	
			if(!$fail) {
				echo "User information successfully changed.";
			}
									
			ob_end_flush();
		}
	?>    
</div>

<!-- Begin Side Column -->
<!-- Begin Footer -->
<?php
echo $layout[1];
?>

</body>
</html>